About Us
DICT clarifies: eGov Super App not hacked, incident linked to eComplaints System
-
Photo courtesy of Pixabay
By TechWatch PH Staff
A hacker group has claimed responsibility for leaking more than 30,000 records allegedly tied to the Philippine government’s eGov PH platform.
Screenshots shared on underground forums showed spreadsheets with complainant data, including barangay codes, city addresses, and timestamps from the eComplaints records.
The attacker, using the handle “Dedsec_Manila,” framed the move as a “cyber attack on eGov,” claiming it was meant to expose corruption.
But the Department of Information and Communications Technology (DICT) quickly issued a clarification, stressing that the eGov PH Super App itself was not breached.
In a statement to TechWatchPH, DICT Undersecretary for eGovernance David Almirol Jr., lead proponent of the eGov PH Super App, said:
“The eGov App was not the one hacked. The issue was with one of the many integrations with eGov—the eComplaints system. We want to reassure everyone that there has been no data breach in the eGov App, as the platform is secure and all user personal information is safely encrypted. We are also conducting a full investigation to determine the root cause of this possible hacking incident involving the eComplaints system.”
What is eGov PH Super App?
Launched in 2023, the eGov PH Super App is the government’s flagship digital platform, designed as a one-stop shop for both national and local services.
It combines multiple agencies into a single interface, though each agency continues to manage its own systems and databases—systems that the DICT does not directly access.
The app aims to cut red tape, improve efficiency, and encourage digital adoption among Filipinos.
To ensure security, DICT noted that the app undergoes regular security audits, encryption safeguards, and third-party penetration testing, with multi-layered defenses protecting sensitive data such as personal information and financial transactions.
eComplaints System
The eComplaints platform, which allows citizens to file reports on government services and local issues, is one of many external services connected to the eGov ecosystem.
Unlike the core eGov app, it runs on separate infrastructure.
Cybersecurity experts point out that third-party integrations are often vulnerable to API misconfigurations, weak authentication, or endpoint lapses.
DICT confirmed it is now working with its Cybersecurity Bureau, the Cybercrime Investigation and Coordinating Center (CICC), and other partner agencies to trace how the alleged records were exfiltrated.
Public assurance, ongoing probe
DICT emphasized that no sensitive personal data—such as core user accounts, national ID records, or financial transactions inside the eGov Super App—have been compromised. So far, only eComplaints entries appear to be affected, pending the final results of the investigation.
The agency also vowed to tighten oversight on all third-party systems connected to eGov to prevent similar incidents in the future.
“This is an isolated issue affecting just one of many integrations with eGov—not a breach of the eGov platform itself,” Almirol stressed. “The implementation of our eGovChain, the government’s blockchain framework, will further strengthen our cybersecurity. We remain committed to ensuring digital governance that is secure, efficient, and trustworthy.”